堡垒机应用服务器(remoteapp)配置手册---V2006

i目录1应用服务器介绍·············································································································1-11.1支持Windowsserver2008的版本··················································································1-11.2RemoteApp应用发布介绍····························································································1-11.3RemoteApp对终端的要求····························································································1-11.4RemoteApp对终端的要求····························································································1-11.5应用服务器授权许可介绍······························································································1-22安装前的准备················································································································2-12.1注意事项···················································································································2-12.2RDS授权码（仅限合同客户）·······················································································2-13应用服务器安装步骤·······································································································3-13.1安装远程桌面服务（必须步骤）·····················································································3-13.2应用服务器激活和授权（如果是测试客户，可忽略此操作）···············································3-173.2.1激活应用服务器·······························································································3-173.2.2安装应用服务器授权许可证················································································3-283.3调整应用服务器的策略（必须步骤）·············································································3-393.3.1调整本地组策略·······························································································3-393.3.2设置RD授权模式····························································································3-453.3.3允许用户在初始连接时启动列出和未列出的程序·····················································3-493.3.4关闭windows防火墙························································································3-513.3.5关闭IE增强的安全配置·····················································································3-523.3.6开启远程桌面··································································································3-543.4发布RemoteApp程序·······························································································3-564运维审计系统与应用服务器结合使用··················································································4-14.1rdp文件应用发布········································································································4-14.2IE代填应用发布·······································································································4-111-11应用服务器介绍应用服务器由windowsserver2008服务器平台搭建的。应用服务器用于安装应用程序，并能通过RemoteApp服务发布应用程序。1.1支持Windowsserver2008的版本WindowsServer2008StandardWindowsServer2008EnterpriseWindowsServer2008Datacenter1.2RemoteApp应用发布介绍RemoteApp是微软在WindowsServer2008之后，在其系统中集成的一项服务功能，使用户可以通过远程桌面访问远端的桌面与程序，客户端本机无须安装系统与应用程序的情况下也能正常使用远端发布的各种的桌面与应用。1.3RemoteApp对终端的要求客户在自行搭建应用服务器(windowsserver2008)前，需要选取相应的硬件配置，为了更好的使用应用服务器推荐以下配置：1、如果采购USM200型号，推荐应用服务器的硬件配置：至少8G内存、四核CPU、250G磁盘空间（给操作系统150G）、两块网卡。2、如果采购USM500型号，推荐应用服务器的硬件配置：至少16G内存、四核CPU、250G磁盘空间（给操作系统150G）、两块网卡。3、如果采购USM1000型号，推荐应用服务器的硬件配置：至少32G内存、六核CPU、300G磁盘空间（给操作系统200G）、两块网卡。4、如果采购USM3000型号，推荐应用服务器的硬件配置：至少64G内存、八核CPU、500G磁盘空间（给操作系统300G）、两块网卡1.4RemoteApp对终端的要求由于是采用RDP协议访问应用服务器提供的应用程序，所以对终端平台有以下要求：（1）终端操作系统必须为windows操作系统。（2）windows的RDP版本至少6.1版本。（3）如果终端操作系统为windowsXP或windowsserver2003，请检查RDP版本，如果版本过低请升级RDP版本。1-21.5应用服务器授权许可介绍应用服务器授权许可证是用于对windowsserver2008的远程桌面服务（RDS）进行授权许可，只有正确RDS授权许可成功之后，运维审计系统访问应用服务器的远程桌面服务就没有时间限制；未进行RDS授权许可的应用服务器只有120天的使用有效期。2-12安装前的准备安装应用服务器需要准备的工作。2.1注意事项为了确保应用服务器配置成功，请遵从以下的注意事项：(1)Windowsserver2008可以直接在本服务器配置里安装RemoteApp服务。(2)Windowsserver2008可以安装在物理设备里，也可以安装在虚拟机里。(3)准备好windowsserver2008操作系统，使用正确的产品ID激活windowsserver2008；否则会影响应用服务器的正常使用。2.2RDS授权码（仅限合同客户）(1)每台正式销售（即合同客户）的运维审计系统可以向安恒公司的相关负责人申请一套RDS授权码。如下图：2-2图2-1RDS授权码示意图示意图中的“父级计划”号码和“开放式许可证详细信息”号码是一组无效的示例号码；请勿使用！否则应用服务器授权失败。因为每份应用服务器授权许可证中的父级计划和开放式许可证详细信息的号码都不同。如果是合同客户，则需要以邮件的方式向安恒公司的相关负责人申请RDS授权码，申请条件：客户名称、合同编号信息！如果是测试客户，则无需申请，因为windows的RDS安装好之后有120天的有效试用期，足以满足测试。(2)每组应用服务器授权许可证中的信息包括：父级计划和开放式许可证详细信息的号码，及对应的运维审计系统的序列号。(3)在章节的RDS授权码会在第“3.2应用服务器授权”中使用到。3-13应用服务器安装步骤本章节以WindowsServer2008R2Enterprise的配置为例。3.1安装远程桌面服务（必须步骤）步骤1在windowsserver2008系统中，进入[服务器管理器/角色]窗口。图3-1服务器管理器示意图步骤2单击添加角色，进入添加角色向导窗口。3-2图3-2添加角色向导示意图步骤3单击下一步进入选择服务器角色窗口，勾选“远程桌面服务”。3-3图3-3选择服务器角色示意图步骤4单击下一步进入远程桌面服务窗口。3-4图3-4远程桌面服务简介示意图步骤5单击下一步进入选择角色服务窗口，勾选“远程桌面会话主机”和“远程桌面授权”服务。3-5图3-5选择角色服务示意图步骤6单击下一步进入应用程序兼容性窗口。3-6图3-6应用程序兼容性提示示意图步骤7单击下一步进入身份验证方法窗口，选择“不需要使用网络级别身份验证”。3-7图3-7选择身份验证方法示意图步骤8单击下一步进入授权模式窗口，选择“以后配置”。3-8图3-8选择授权模式示意图步骤9单击下一步进入用户组窗口，可在“用户或用户组”框添加允许远程访问的用户或用户组。3-9图3-9添加用户组示意图步骤10单击下一步进入客户端体验窗口，不选择任何功能项。3-10图3-10选择客户端体验示意图步骤11单击下一步进入RD授权配置窗口，不选择任何功能项。3-11图3-11RD授权配置界面示意图步骤12单击下一步进入确认窗口3-12图3-12确认安装选择示意图步骤13单击安装进入安装进度窗口。3-13图3-13安装进度示意图步骤14等待安装进度完成后，自动进入安装结果窗